Wpeverest Everest_forms
14 CVEs affecting Wpeverest Everest_forms. Latest disclosed: 2025-06-25. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-3439 | Critical | 9.8 | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in a… |
CVE-2025-1128 | Critical | 9.8 | 2025-02-25 | The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, r… |
CVE-2019-13575 | Critical | 9.8 | 2019-07-18 | A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a… |
CVE-2025-5927 | High | 7.5 | 2025-06-25 | The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() func… |
CVE-2024-1812 | High | 7.2 | 2024-04-09 | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. T… |
CVE-2025-26841 | Medium | 6.1 | 2025-05-12 | Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. |
CVE-2025-3421 | Medium | 6.1 | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scri… |
CVE-2021-24907 | Medium | 6.1 | 2021-12-21 | The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute… |
CVE-2023-51695 | Medium | 5.9 | 2024-02-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, P… |
CVE-2025-3422 | Medium | 5.4 | 2025-04-11 | The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode e… |
CVE-2023-51377 | Medium | 5.3 | 2024-06-14 | Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3. |
CVE-2024-8542 | Medium | 4.8 | 2025-05-15 | The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p… |
CVE-2024-10471 | Medium | 4.8 | 2024-11-26 | The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p… |
CVE-2024-13125 | Low | 3.5 | 2025-02-13 | The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p… |